Unrated severityNVD Advisory· Published Aug 13, 2020· Updated Aug 5, 2024
CVE-2019-16374
CVE-2019-16374
Description
Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Pega/Pega Platformdescription
- Range: = 8.2.1
Patches
Vulnerability mechanics
References
2- community.pega.com/upgrademitrex_refsource_MISC
- gist.github.com/IAG0110/0205823570ba04ec12e656f7f4602877mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.